Symantec Encryption Management Server Web Email Protection users running Internet Explorer 9 or 10 with the MS13-055: Cumulative Security Update for Internet Explorer: July 9, 2013 (KB2846071) update installed cannot add attachments to messages.

The problem occurs when a user tries to add an attachment to a Web Email Protection message doing the following:

Create a new message or reply to an existing one.

1. Click on the paper clip icon or on Add attachment.
2. Click on the Browse button to find a file and double click on it.
3. Click on the Attach button.

This type of problem is acknowledged by Microsoft in the Known issues with this security update section of MS13-055:

After you install the security update for Internet Explorer 9 or for Internet Explorer 10 that is described in Microsoft security bulletin MS13-055, you may experience the following issues when you access some websites:

• A browser window automatically closes and logs you out of a web session.
• Drop down menus are not correctly populated.

No error is displayed for the user and the Symantec Encryption Management Server Web Email Protection log shows only the following when the user with email address [email protected] is replying to a message and trying to add an attachment:

2013/07/17 17:21:45 +01:00  INFO   pgp/wm[2002]: 10.12.39.241 [email protected] Login
2013/07/17 17:21:45 +01:00  INFO   pgp/wm[2002]: 10.12.39.241 [email protected] Session initiated
2013/07/17 17:21:45 +01:00  NOTICE pgp/wm[2002]: 10.12.39.241 [email protected]  read message <[email protected]>
2013/07/17 17:22:01 +01:00  INFO   pgp/wm[2002]: 10.12.39.241 [email protected] Session terminated
 

This issue is caused by the  KB2846071 hotfix which is described in Microsoft Security Bulletin MS13-055 published on 2013-07-09.  Many users of Internet Explorer 10 will have it applied automatically via Windows Update. Users with Internet Explorer 9 who have installed the update are also affected.

The hotfix changes the way that javascript functions in the browser which is used for the upload and logoff functionality of Web Messenger.

 Use the following steps to determine if KB2846071 hotfix update is installed.

1. Click Start > Control Panel.
2. Select Programs.
3. Under Program and Features, click View installed updates. The Installed Updates are displayed.
4. Browse through the list of updates for KB2846071.

Update Internet Explorer to MS13-059: Cumulative security update for Internet Explorer: August 13, 2013 (KB 2862772). By default, users of IE 10 will receive this update automatically.  Alternatively, it can be downloaded for IE 9 from here or for IE 10 from here.

This Microsoft update corrects the problem with IE 9 and IE 10 that was introduced with MS13-055.

Applies To

The following have been tested, but this issue may affect all versions of Symantec Encryption Management Server and PGP Universal Server:

• Symantec Encryption Management Server 3.3 running Web Email Protection
• PGP Universal Server 3.2.x running Web Messenger
• Windows 7 SP1 running Internet Explorer 10 with KB2846071 installed
• Windows 7 SP1 running Internet Explorer 9 with KB2846071 installed

Please note that the following versions of Windows and Internet Explorer do not exhibit this problem:

• Windows 7 SP1 x32 running Internet Explorer 8 with KB2846071 installed
• Windows XP SP3 x32 running Internet Explorer 6 with KB2846071 installed